class R509::Cert::Extensions::AuthorityInfoAccess
RFC 5280 Description (see: www.ietf.org/rfc/rfc5280.txt)
The authority information access extension indicates how to access information and services for the issuer of the certificate in which the extension appears. Information and services may include on-line validation services and CA policy data. (The location of CRLs is not specified in this extension; that information is provided by the cRLDistributionPoints extension.) This extension may be included in end entity or CA certificates. Conforming CAs MUST mark this extension as non-critical. You can use this class to parse an existing extension for easy access to its contents, or to create a new one.
Constants
- OID
friendly name for AIA
OID
Attributes
An R509::ASN1::GeneralNames object of CA Issuers (or nil if not present)
@return [R509::ASN1::GeneralNames,nil]
An R509::ASN1::GeneralNames object of OCSP endpoints (or nil if not present)
@return [R509::ASN1::GeneralNames,nil]
Public Class Methods
This method takes a hash or an existing Extension object to parse. If passing a hash you must supply :ocsp_location and/or :ca_issuers_location. These values must be in the form seen in the examples below.
@option arg :ocsp_location [Array,R509::ASN1::GeneralNames] Array of
hashes (see examples) or GeneralNames object
@option arg :ca_issuers_location [Array,R509::ASN1::GeneralNames] Array of
hashes (see examples) or GeneralNames object
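@option arg :critical [Boolean] (false) Whether to mark the extension critical. The default is false; as the RFC 5280 description above states, conforming CAs MUST mark this extension as non-critical.
@example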
# Hash form: one OCSP location given as a URI and one CA Issuers location
# given as a directory name.
R509::Cert::Extensions::AuthorityInfoAccess.new(
  :ocsp_location => [
    { :type => "URI", :value => "http://ocsp.domain.com" }
  ],
  :ca_issuers_location => [
    { :type => "dirName", :value => { :CN => 'myCN', :O => 'some Org' } }
  ]
)
@example
# Object form: a prebuilt GeneralName is placed in the location array
# instead of a hash.
name = R509::ASN1::GeneralName.new(
  :type => "IP", :value => "127.0.0.1"
)
R509::Cert::Extensions::AuthorityInfoAccess.new(
  :ca_issuers_location => [name]
)
# File lib/r509/cert/extensions/authority_info_access.rb, line 64
# Wraps an existing extension, or first builds one from an options hash.
#
# @param arg [Hash, Object] either an options hash, which is handed to
#   build_extension, or a value that R509::Cert::Extensions.is_extension?
#   accepts, which is passed to the superclass constructor unchanged
def initialize(arg)
  # Only a non-extension argument is converted; an existing extension is
  # forwarded as-is and is therefore not re-validated by build_extension.
  arg = build_extension(arg) unless R509::Cert::Extensions.is_extension?(arg)
  super(arg)
  # Fills @ocsp and @ca_issuers from the encoded extension.
  parse_extension
end
Public Instance Methods
@return [Hash]
# File lib/r509/cert/extensions/authority_info_access.rb, line 74
# Renders the extension as a plain hash.
#
# @return [Hash] always contains :critical; :ocsp_location and
#   :ca_issuers_location are present only when the matching name list is
#   non-empty
def to_h
  result = { :critical => critical? }
  # Walk the two name lists in the original order so the resulting key order
  # stays :critical, :ocsp_location, :ca_issuers_location.
  { :ocsp_location => @ocsp, :ca_issuers_location => @ca_issuers }.each do |key, general_names|
    names = general_names.names
    result[key] = R509::Cert::Extensions.names_to_h(names) unless names.empty?
  end
  result
end
@return [YAML]
# File lib/r509/cert/extensions/authority_info_access.rb, line 90
# Serialises the hash form of this extension (see to_h) as YAML.
#
# @return [String] YAML text for the hash returned by to_h
def to_yaml
  as_hash = to_h
  as_hash.to_yaml
end
Private Instance Methods
# File lib/r509/cert/extensions/authority_info_access.rb, line 113
# Builds an authorityInfoAccess extension from an options hash.
#
# @param arg [Hash] options; :ocsp_location, :ca_issuers_location and
#   :critical are the keys read here
# @return [Object] whatever OpenSSL::X509::ExtensionFactory#create_extension
#   returns for "authorityInfoAccess"
def build_extension(arg)
  validate_authority_info_access(arg)
  access_descriptions = []
  conf_sections = []
  # Each pair is (options key, access method short name used by OpenSSL).
  [[:ocsp_location, 'OCSP'], [:ca_issuers_location, 'caIssuers']].each do |key, short_name|
    validate_location(key.to_s, arg[key])
    location = arg[key]
    next if location.nil?

    R509::ASN1::GeneralNames.new(location).names.each do |general_name|
      serialized = general_name.serialize_name
      # NOTE(review): both values below derive from caller-supplied names and
      # are spliced into a comma-separated extension string and an OpenSSL
      # config document. Confirm that serialize_name / validate_location
      # reject or escape commas, newlines and config metacharacters, so a
      # value cannot add extra access descriptions or config sections.
      access_descriptions << "#{short_name};#{serialized[:extension_string]}"
      conf_sections << serialized[:conf]
    end
  end
  factory = OpenSSL::X509::ExtensionFactory.new
  factory.config = OpenSSL::Config.parse(conf_sections.join("\n"))
  # false is the fallback passed to calculate_critical; RFC 5280 requires
  # conforming CAs to mark this extension non-critical, yet a caller-supplied
  # arg[:critical] is still forwarded here.
  critical = R509::Cert::Extensions.calculate_critical(arg[:critical], false)
  factory.create_extension("authorityInfoAccess", access_descriptions.join(","), critical)
end
# File lib/r509/cert/extensions/authority_info_access.rb, line 96
# Sorts the access descriptions of this extension into @ocsp and @ca_issuers.
#
# Both instance variables are always assigned a fresh
# R509::ASN1::GeneralNames, so after parsing they are empty rather than nil
# when an access method does not occur.
def parse_extension
  payload = R509::ASN1.get_extension_payload(self)
  @ocsp = R509::ASN1::GeneralNames.new
  @ca_issuers = R509::ASN1::GeneralNames.new
  payload.entries.each do |access_description|
    # AccessDescription ::= SEQUENCE {
    #   accessMethod   OBJECT IDENTIFIER,
    #   accessLocation GeneralName }
    fields = access_description.entries
    # Access methods other than these two are skipped without an error.
    # NOTE(review): nothing here checks that each entry has both fields; if
    # the extension can come from an untrusted certificate, confirm that
    # get_extension_payload / add_item handle a malformed AccessDescription.
    target =
      case fields[0].value
      when "OCSP" then @ocsp
      when "caIssuers" then @ca_issuers
      end
    target.add_item(fields[1]) if target
  end
end